Atlassian documentation on Apache configuration:
https://issues.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
Example Apache Configuration:
    <VirtualHost 10.11.12.13:80>
        ServerName documentation.example.com
        ServerAlias documentation
        ProxyPreserveHost On
        RewriteEngine on
        # Redirect http traffic to https
        RewriteRule ^/(.*)$ https://documentation.example.com/$1 [L,R]
    </VirtualHost>

    <VirtualHost 10.11.12.13:443>
        ServerName documentation.example.com
        ErrorLog /var/log/httpd/documentation.example.com-ssl_error_log
        TransferLog /var/log/httpd/documentation.example.com-ssl_access_log
        CustomLog /var/log/httpd/documentation.example.com-ssl_request_log ssl_combined
        ProxyPreserveHost On
        ProxyRequests Off
        # /synchrony is proxied to port 8091; it must be listed before the catch-all ProxyPass /
        ProxyPass /synchrony http://localhost:8091/synchrony
        <Location /synchrony>
            Require all granted
            RewriteEngine on
            # Proxy WebSocket upgrade requests over ws://
            RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
            RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
            RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
            # Do not forward the Authorization header to the /synchrony backend
            RequestHeader unset Authorization
        </Location>
        ProxyPass / http://localhost:8090/ retry=2 acquire=3000 timeout=120 Keepalive=On
        ProxyPassReverse / http://localhost:8090/
        LogLevel info
        Include conf.d/ssl.inc
    </VirtualHost>
Very often multiple applications run on the same server. Having SSL configuration in one place makes sense.
We like to include the following in VirtualHosts that should be configured with SSL:
    Include conf.d/ssl.inc
    # conf.d/ssl.inc
    SSLEngine on
    SSLHonorCipherOrder On
    # Disables only SSLv2 and SSLv3; TLS 1.0 and later remain enabled
    SSLProtocol all -SSLv2 -SSLv3
    SSLProxyProtocol all -SSLv2 -SSLv3
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    SSLCertificateFile /etc/pki/tls/certs/wildcard/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/wildcard/wildcard.example.com.key
    # SSLCertificateChainFile is deprecated since Apache 2.4.8, where SSLCertificateFile can also carry the intermediate certificates
    SSLCertificateChainFile /etc/pki/tls/certs/wildcard/wildcard.example.com.ca-bundle
APPLICATION_HOME:/conf/server.xml
Locate the connector in server.xml.
When the application is served by a proxy server behind SSL, changes to server.xml are required.
Because Kerberos tokens in some environments may exceed the default 8K bytes, our recommendation is to increase maxHttpHeaderSize.
proxyName="documentation.example.com" proxyPort="443" scheme="https" secure="true" maxHttpHeaderSize="32768"
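
One way to check that a server.xml connector matches the Apache side of this setup. This is an added example, not part of the Atlassian documentation or of the original page. The function name audit_connector, the sample XML and the choice of port 8090 (taken from the ProxyPass line above) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Values the connector must carry to match the Apache VirtualHost on this page.
EXPECTED = {
    "proxyName": "documentation.example.com",
    "proxyPort": "443",
    "scheme": "https",
    "secure": "true",
}
MIN_HEADER_SIZE = 32768  # size recommended above for large Kerberos tokens


def audit_connector(server_xml, port="8090"):
    """Return a list of findings for the connector listening on `port` (hypothetical helper)."""
    root = ET.fromstring(server_xml)
    connectors = [c for c in root.iter("Connector") if c.get("port") == port]
    if not connectors:
        return [f"no Connector listening on port {port}"]
    findings = []
    for conn in connectors:
        for attr, want in EXPECTED.items():
            got = conn.get(attr)
            if got is None:
                findings.append(f"{attr} missing (expected {want!r})")
            elif got.lower() != want.lower():
                findings.append(f"{attr}={got!r} (expected {want!r})")
        size = conn.get("maxHttpHeaderSize")
        if size is None or not size.isdigit() or int(size) < MIN_HEADER_SIZE:
            findings.append(f"maxHttpHeaderSize={size!r} is below {MIN_HEADER_SIZE}")
    return findings


# Constructed sample input: the same connector before and after the changes.
BEFORE = """<Server><Service name="Tomcat-Standalone">
  <Connector port="8090" protocol="HTTP/1.1" connectionTimeout="20000"/>
</Service></Server>"""

AFTER = """<Server><Service name="Tomcat-Standalone">
  <Connector port="8090" protocol="HTTP/1.1" connectionTimeout="20000"
             proxyName="documentation.example.com" proxyPort="443"
             scheme="https" secure="true" maxHttpHeaderSize="32768"/>
</Service></Server>"""

if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_connector(xml) or "OK")
```

A connector that lacks scheme="https" and secure="true" makes the application treat requests as plain HTTP even though Apache terminates TLS, so the check reports each missing or mismatched attribute separately.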